Total privacy of transactions,
Mimblewimble and Grin
Eugene Pavlenko
CEO, co-founder / AXIOMA (axiomadev.com) - blockchain software development
agency
CTO, co-founder / ToTheMoon Lab (tothemoonlab.com) - digital marketing agency
https://www.linkedin.com/in/eugene-pavlenko-b31a0430/
Telegram: @epavlenko
Contents
1. How Mimblewimble and Grin emerged and why they are so anticipated?
2. What is transaction privacy?
3. How private is Bitcoin?
4. General concepts of how Grin provides privacy.
5. Other properties of Grin.
6. Comparison of Grin with the other most popular privacy coins.
Mimblewimble White Paper
Introduced as a solution to the privacy and scalability issues of
Bitcoin on the 2nd of August 2016 by an anonymous author
who goes by the name Tom Elvis Jedusor.
The paper relied on the latest research in the fields of
cryptography, Bitcoin privacy and scalability by well-known authors
such as Greg Maxwell, Nicolas van Saberhagen, Pieter Wuille, Peter
Todd, Tier Nolan and many more.
Mimblewimble WP update, the beginning of Grin
October 6, 2016 - update to the Mimblewimble whitepaper by Andrew Poelstra
End of 2016 - development starts in the GitHub repository mimblewimble/grin, by the
anonymous author ignopeverell
January 15, 2019 - Grin launched its mainnet.
What is total privacy of financial transactions?
1. Only transacting parties know about the existence of the transaction
2. The financial transaction itself does not require sharing information about it,
including
a. Personal information
b. Any information about the transaction, like the amount
c. Balance of any wallet
3. Coins are fungible - the history of a coin cannot be tracked
How private is Bitcoin?
● Bitcoin stores the whole history of all transactions in
a public ledger
● To create a transaction you must publish it
● Addresses are pseudonyms.
But you can generate a new address for every
transaction and use CoinJoin to improve privacy.
Grin privacy properties
● Amounts of transactions are hidden
● The whole history of transactions is hidden
● Sender's IP is hidden
● Inputs and outputs of each block are mixed
● There are no addresses
Hidden amounts, no addresses
1. Verification of zero sums: sum of inputs = sum of outputs
2. Pedersen commitment: r*G + v*H, where v is the hidden amount, r is the private key (blinding factor), and G and H are points
on an elliptic curve
3. Range proofs - included in the transaction to prove that all values are non-negative
4. Proof of ownership of the coins is based on generating new keys for every output value in each
transaction.
If we want to obscure a transaction with 2 inputs (vi1, vi2) and 1 output (vo1), and be sure that the transaction
doesn't create coins out of thin air, we need to check that: (ri1*G + vi1*H) + (ri2*G + vi2*H) = (ro3*G + vo1*H), where
ri1 + ri2 = ro3
Example TX: Alice sends 3 coins to Bob. Alice's private key = 35, Bob's private key = 28
(35*G + 3*H) - (28*G + 3*H) = 7*G + 0*H
Hidden history, mixed inputs and outputs
Block structure
● List of new inputs
● List of new outputs
○ r*G+v*H, where v is the value of the transaction and r is the blinding factor
○ Range proof that shows that v is non-negative
● List of transaction kernels for all transactions in the block
○ Kernel excess - public key r*G
○ Signature of the transaction - generated using excess value r as private key
○ Fee amount
● Other information - block header, kernel offset
How to send Grins
1. Via file
2. Directly between 2 wallets
Speed and scalability
● Throughput about 10 tps
● Space requirements:
○ Few gigabytes
○ Scales with number of users not number of transactions
No scripts, but multi-signatures, atomic swaps, lightning network and time locks can
be implemented
Other info
Proof of work algorithm Cuckoo Cycle
● Memory bound
● ASIC friendly
● Immune to quantum speedup
● Very simple - only 42 lines of code.
● Some of the projects using it: aeternity, CodeChain, BitCash, Veres One
Emission
● Average block generation time is 1 minute
● Fixed mining reward 60 grin per minute
● Unlimited linear growth
Competitors - Monero
● Launched in 2014 under the name BitMonero; it is an implementation of
CryptoNote technology
● Pros
○ Privacy: Ring Signatures, Ring Confidential Transactions, Stealth
addresses
○ Fungibility of coins
○ TPS limits - up to 1700 tps, due to adaptive block size
● Cons
○ Space scalability: 14 KB/transaction - 25 times more than Bitcoin
○ No scripting capability
○ Limited multisignature functionality N/N or N-1/N
● Other info
○ Emission curve: 18.132 mln XMR by the end of 2022, then tail curve 0.6
XMR per block
○ Max supply: infinite
○ Avg. block time: 2 min
Competitors - Zcash
● Launched in 2016 by Zerocoin Electronic Coin Company
● Pros
○ Privacy based on Zero Knowledge Proof technology called zk-SNARK.
○ Fungibility of coins
○ Supports both private and transparent transactions
○ Supports scripting
● Cons
○ Space scalability: 5.3 KB/transaction - lower than Monero but 9 times higher
than Bitcoin
○ TPS limit: 6.67 - 26.67 TPS
○ Founders reward - 20% of block fees, 10% of total Zcash emission
● Other info
○ Based on Bitcoin fork
○ Max supply: 21 mln
○ Avg. block time: 2.5 min
Competitors - Dash
● Launched in 2014 (formerly known as Darkcoin)
● Pros
○ Supports both private and transparent transactions
○ InstantSend - TPS limit: 500-1000 TPS
● Cons
○ Not fully private. Privacy based on decentralized CoinJoin
○ Masternodes introduce centralization element
○ 10% of block reward goes to treasury
● Other info
○ Bitcoin fork
○ Two-tier network - miners and masternodes
○ Decentralized Governance and funding system
○ Max supply: 18 mln
○ Avg. block time: 2.5 min
Competitors - Beam
Launched on the 3rd of January 2019 by an Israeli startup
What is different from Grin
● Monetary policy
■ Supply capped at 263 million BEAM tokens
■ Emission halving similar to Bitcoin (4 years)
■ Starting block reward 80 BEAM per block
■ Starting founders reward 20 BEAM per block
● Other
■ Auditability features
■ Equihash Proof of Work
■ SBBS system
■ GUI wallet already in place
Thank you
Questions, please
Eugene Pavlenko, telegram: @epavlenko
axiomadev.com, tothemoonlab.com
https://www.linkedin.com/in/eugene-pavlenko-b31a0430/

Editor's Notes

  1. Here is some information about me and my contacts. I'm CEO of AXIOMA, a blockchain software development company. For our clients we develop:
     ● Solutions for secure crypto storage and trading
       ○ wallets
       ○ multi-signature crypto storage
       ○ crypto exchange software, both centralized and decentralized
       ○ trading bots
     ● Smart contracts and distributed apps
     ● Projects based on permissioned blockchains
     Also I'm CTO and co-founder of a digital marketing agency called ToTheMoon Lab - we help blockchain projects reach a global audience as well as raise the necessary funds.
  2. ● Greg Maxwell (Blockstream CTO) - Confidential Transactions and CoinJoin
     ● Nicolas van Saberhagen - darkening of the transaction graph (anonymous author of the CryptoNote white paper; Monero is an implementation of the CryptoNote protocol)
     ● Pieter Wuille - Bitcoin Core developer (co-founder of Blockstream)
     ● Tom Elvis Jedusor - the name of Voldemort in the French editions of Harry Potter. The author's real name is still unknown.
     Mimblewimble is also from the books: it is a spell that ties the victim's tongue, not allowing a word to be said.
  3. ● Andrew Poelstra (Director of Research at Blockstream) - specified all the technical details of the implementation of the ideas of the initial paper
     ● ignopeverell - anonymous author. His real name is still unknown. Ignotus Peverell is the owner of the invisibility cloak in the Harry Potter books.
  4. The reason why you send or receive money may require personal information, but this process must be separated from the financial transaction itself. For example:
     ● Again, you don't want anybody to know how much you earn
     ● If you give money to your wife, husband or child, nobody should know about it
     ● If you donate money to a political party, the process itself requires the party to be transparent in its financial transactions
  5. It means:
     ● The balance of any wallet may be calculated by a third party
     ● Addresses/wallets can be connected to your identity if you reveal any personal information anywhere while making payments (your IP address is also your private information)
     ● The blockchain can be analyzed to discover the whole history of your transactions
     ● Any coin can be tracked from the moment of its mining - no fungibility. For example, a newly mined coin is more expensive than a coin that has passed through Bitcoin mixers.
     So it's not private. But you can control privacy using some additional measures.
     Bitcoin stores the whole history of all transactions, and someone who wishes to check the final state must download the whole blockchain and replay each transaction. This is a rather inefficient way to store the state. Also, the resulting "transaction graph" reveals a lot of information and is subject to analysis by organizations that want to control your money.
  6. ● Amounts of transactions are hidden - thanks to confidential transactions technology and range proofs
     ● The whole history of transactions is hidden - using a technique called cut-through (I will go through all the technical details a little bit later)
     ● Sender's IP is hidden - using the Dandelion network (stem, fluff phases) https://github.com/mimblewimble/grin/blob/master/doc/dandelion/dandelion.md
     ● Inputs and outputs of each block are mixed - which is something similar to CoinJoin technology
     ● There are no addresses - sender and receiver directly exchange their keys for the specific transaction while preparing it
  7. The whole concept was actually introduced by Greg Maxwell as "Confidential Transactions", which is derived from another proposal by Adam Back.
     A Pedersen commitment is a basic cryptographic algorithm used in many applications that allows one to commit to a chosen value while keeping it hidden from others, with the ability to reveal the committed value later.
     7*G is the kernel excess, and it is a valid public key only if the transaction sums to 0. 7 is used to sign the transaction, and the signature is included in the transaction to prove that.
  8. A block is like one big CoinJoin transaction - the lists of inputs, outputs and kernels are not connected to each other; they are sorted in the order of their hashes.
     ● A block is validated by checking the zero sum of the block and checking the signatures of all transactions
     ● Impossible to connect particular inputs with their outputs
     ● Impossible to reconstruct the history of each coin
  9. Via file
     ● Sender: creates the transaction file
     ● Sender: sends it to the recipient
     ● Recipient: imports the file to the wallet and creates a response file
     ● Recipient: sends it back to the sender
     ● Sender: finalizes the transaction - posts the transaction to the listening grin node
     ● Balances should confirm in both wallets after a few blocks
     Directly between 2 wallets
     ● Recipient: should run the wallet in listener mode
     ● Sender: sends grins directly to the IP address and specific HTTP port of the recipient in a single step
     Also there are some community grin wallet projects in the development phase.
  10. Lightning network can be implemented.
     Cut-through technique: if Alice has sent 3 coins to Bob and Bob sent these 3 coins to Carol, we don't need to store the whole information about the transaction between Alice and Bob. We can only store coinbase transactions, UTXOs. This is a kind of pruning technique - after an output has been spent it can be removed from the database.
     https://github.com/mimblewimble/grin/blob/master/doc/pruning.md
     https://github.com/mimblewimble/grin/blob/master/doc/chain/chain_sync.md
     Links
     https://www.reddit.com/r/grincoin/comments/a2pv94/how_many_tps_is_the_grin_coin_as_implementation/
     https://www.reddit.com/r/grincoin/comments/7r6wvp/how_many_transactions_per_second_can_the_grincoin/
  11. Mining
     ● 2 variants - CuckARoo (ASIC Resistant) and CuckAToo (ASIC Targeted)
     ● At launch - 90% of blocks mined with GPU and 10% with ASIC. Gradually changes to 0% GPU and 100% ASIC over 2 years
     ● Recent GPU, min 6GB, Nvidia 1080/2080/ti series. Also supports AMD cards via OpenCL.
     ● I know only one of these projects - aeternity.
     Emission
     ● The first four years of Bitcoin's emission rate are identical to the first four years of Grin
     ● After 10 years supply inflation will be 10%
     ● After 25 years supply inflation will be 4% - the same as Bitcoin 10 years after its genesis.
     ● It's likely that at least 2% of coins get lost per year
     Fees???
  12. CryptoNote is a whitepaper written by another anonymous author, Nicolas van Saberhagen. Monero was a fork of Bytecoin with no premine.
     ● Confidential transactions to obfuscate amounts
     ● Stealth addresses - receiver's privacy
     ● Ring signatures - sender's privacy
     ● Size of ring signatures directly depends on the number of signatures
     https://www.reddit.com/r/grincoin/comments/a2pv94/how_many_tps_is_the_grin_coin_as_implementation/
     https://coincentral.com/privacy-coins-what-are-they-how-do-they-work-and-why-are-they-needed/
  13. ● Two types of addresses: private addresses and transparent addresses
     ● TPS depends on the amount of shielded and transparent transactions
     https://www.reddit.com/r/grincoin/comments/a2pv94/how_many_tps_is_the_grin_coin_as_implementation/
     https://github.com/mimblewimble/grin/wiki/Grin-and-MimbleWimble-vs-ZCash
     https://coincentral.com/privacy-coins-what-are-they-how-do-they-work-and-why-are-they-needed/
  14. ● Masternodes - handle instant and private transactions, decentralized governance
     ● Stake 1000 Dash to run a masternode
     ● CoinJoin - restricting the mixing to only accept certain denominations (e.g.: 0.01 DASH, 0.1 DASH, 1 DASH, and 10 DASH, etc.)
     ● Not fully private - theoretically it's possible to trace transactions
     https://coincentral.com/privacy-coins-what-are-they-how-do-they-work-and-why-are-they-needed/
  15. ● Auditability features - allow businesses to provide financial trails of transactions for auditors/regulators if necessary
     ● Equihash - 12-18 month ASIC resistant
     ● Secure Bulletin Board System - non-interactive offline transactions and messaging system - utilizes beam nodes and wallets to relay messages
     https://blockonomi.com/beam-coin-guide/
     https://forklog.com/beam-protiv-grin-otlichiya-osobennosti-majninga-i-perspektivy-kriptovalyut-na-baze-mimblewimble/
     https://forklog.com/sostoyalsya-zapusk-privatnoj-kriptovalyuty-beam-na-osnove-protokola-mimblewimble/
  16. After the meetup please join me for a cup of tea or beer